A unique application integration for Delaware's largest Health Care System drove them to seek the services of a vendor who could not only understand the business drivers behind the work, but also perform a deep technical analysis of the integration pieces.
"We chose BTB because of their flexibility when it came to approach. This isn't a typical application assessment or penetration test," said Rob, the project's lead. "We needed somebody steeped with technical expertise to take a hard look at our application, point us in the right direction, and then have the ability to test it thoroughly," he added.
While most organizations wait until a production application has already been deployed to engage an independent security vendor for assessment or validation services, they decided to pro-actively engage BTB in the early stages after initial developmental plans were drawn up.
"It's great to see an organization of this size take the security of their application development so seriously. Often times, even in larger clients in other industries, application development and deployment are at the lower end of security maturity," said Ron Schlecht, Managing Partner with BTB Security. "We were very fortunate to be engaged with them early on in this project, and even though it sounds odd coming from security practitioners, we've aided in deployment timelines and helped ensure it's done right the first time."
The project demonstrates the true value of BTB Security – technical expertise, business acumen, and flexibility to deliver services in a variety of situations.
Making security matter and a business differentiator in any industry can be hard. Combine that with the fact that the financial industry is now one of the most regulated environments in the country and one of the biggest targets for nefarious activity, and you have quite a challenge.
A well established financial management firm came to BTB Security with a fundamental problem that many companies face. They know security is necessary in their environment and makes good business sense, but besides seeing the purely technical metrics of what they're doing, they wanted a score card to demonstrate the fruits of their labor and pinpoint how they could improve.
"The wide scale Governance Assessment that BTB did not only provided us a check point in how we're doing, but a road map to match technology and resource investments with security program improvements," commented the Manager of Information Security.
BTB's Governance Assessment goes beyond what is provided with the technical vulnerability assessment and takes a deep look at functions inside and outside of information technology to provide an honest assessment of how information security is functioning at an organization.
"We help answer the tough questions about the true state of information security within a company," BTB Managing Partner Brian Bailey said. "We provided the Manager of Information Security, his team, and ultimately the executives, a score card to show the state of security at their company in comparison to regulatory requirements, and how to intelligently invest to improve security and support business objectives."
The output of the project has not only provided information about the current state and helped improve the security of the organization, but also acts as a baseline to show improvements as time goes on. The bottom line is that BTB's Governance Assessment provides the information that security management often has a hard time conveying to executive management.